Izz ad-Din al-Qassam exploited small, unimportant, and poorly secured web servers to accomplish its denial-of-service attacks against US banks, a technique expected to become common. Iran denies involvement, calling the attacks an American provocation, but few credit the denials. (Anonymous petitions US President Obama to recognize denial-of-service attacks as Constitutionally protected free speech, but few take that seriously, either.)
RedHack breaches Turkey's Council of Higher Education to protest allegedly widespread corruption. Mississippi State University suffers an ineffectual cyber attack; for some reason a Brazilian hacker claims responsibility.
Cisco acknowledges that its phones can be hacked to serve as bugs (a vulnerability reported last month), but no fix is yet available. Microsoft indicates it will have a patch for Internet Explorer (IE) vulnerabilities soon.
Those IE vulnerabilities were exploited in waterhole attacks; security analysts forecast that these will become the hackers' norm in 2013. Two other trends are noteworthy: BYOD renders enterprises vulnerable because of poor policy and lack of technology to support sound policy, and 4G LTE now enables rapid expansion of machine-to-machine communications.
Maryland releases an encouraging Cyber Jobs Report; it's pleased to find Baltimore behind only Palo Alto and San Francisco as a "cyber hot bed." FireEye raises cash to prepare for an IPO.
Linguists tout "stylometrics"—identifying anonymous posters by style—as a powerful OSINT tool. The Netherlands government issues white hat disclosure rules. If you're a British civil servant, stay off social media at work: eleven of your mates were just sacked for not doing so.